I have a file given to me as a project; it has an unknown encryption type and is compressed. The compression type used is Zlib, but the ratio is unknown. I have attempted to decompress the file and have produced 30 1 KB files. I am unsure if the file is compressed then encrypted or vice versa. I was given this output as a clue, which I assume was produced in a Bash shell on Linux. I have Cygwin installed on my Win machine and I'm using Bash; however, I was unable to reproduce this output. The file in question is a .FF, which I assume stands for fastfile. I have included a hex snippet at the bottom of this thread. Any help would be appreciated.

2 Answers
2

I think this'll be somewhat out of SO's league. We're programmers, not cryptographers. With an unknown encryption, and unknown compression, you might as well give up. Even if it's something standard like AES or 3-DES, the odds of being able to recover a key that would decrypt into something legible are basically 0.

Even if it's something simplistic like XOR, the odds of finding the key string are low without any hint as to what the plaintext is. Was it encrypted with a single byte? Two bytes? 50 kilobytes? Perhaps it was a one-time pad, in which case it's essentially impossible to decrypt without the original pad.

Any good crypto program isn't going to leave any plaintext or almost-plaintext signatures in the file to be spotted - that just gives a crack for a cryptographer to wedge their tools into and start prying.

Thanks for the fast reply. The Zlib compression is presumably the same as in all the other, previously unencrypted files similar to this one. (I will assume this until proven different.) That being said, it's the encryption that I'm looking at. Is anyone familiar with the Linux output I provided, and what clues it may hold?
– gunner548 Mar 2 '11 at 4:50